Made to Order Software Corporation Logo
Home

data

jsMath Security Issue

Security Issue

A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.

You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)

The Drupal Security Advisory issue is here: https://www.drupal.org/node/854402

Other Problem

There is another problem: jsMath offers a JavaScript function that parses entire web pages (although there are ways to circumvent that problem, the module does not currently make use of those.) The jsMath Drupal module uses the ...

SimpleMenu Custom Theme

Introduction

The newer versions of SimpleMenu allows for an easy way of adding custom themes.

There are two main ways to add new SimpleMenu themes:

1. In the simplemenu themes folder;

2. In your theme folder.

SimpleMenu themes folder

CSS

If you look under the simplemenu folder, you will see a sub-folder named themes. You can place your own specialized themes in that folder to make them available system-wide (i.e. if you are using many themes or use one Drupal installation for many websites.) In other words, this folder is viewed as a global theme folder.

The themes folder ...

To Do List Global Settings

Global Settings

Global settings are found under Administer » Site configuration » To do list (admin/settings/to_do).

Only To Do List administrators can edit the Global Settings.

Extend To Do List with other modules

Extensibility

The To Do List module can be extend with the use of other modules. This page describes such extensions and what you can do with them.

Permissions

You may want to allow more people to work on your To Do List with better granularity in regard to who can edit which issue (instead of all of them) and who can view issues.

There are two modules you can use for this pupose. One lets you choose based on a set of taxonomy terms and the other lets you choose based on available roles.

In order to use a taxonomy with a set of terms, use tac_lite1

  • 1. tac_lite stands for Taxonomy ...

Insert Node Parameter: cckteaser (6-1.3)

The CCK parameter let you insert one of your CCK field in full. This parameter, cckteaser, let you insert the teaser of your CCK field.

This feature uses the teaser flag of the CCK module in order to insert the teaser data. This means only the field_<name> fields make the distinction between cck=... and cckteaser=..., the other fields simply ignores the difference.

For more information on the CCK field names that are supported, check the Insert Node Parameter: cck (6-1.2) page.

 

IMPORTANT NOTE

Note that the parameter value ends with a semi-colon! Do not include quotes

Insert Node Parameter: repeat (6-1.2) [no content]

The repeat keyword is used to repeat the filtering on the data just inserted. This is particularly useful with the asterisk name or on nodes that do not otherwise include a format that transforms the tags included in themselves.

This let you create nodes that are like macros.

Note that the macro can itself include a repeat in one of its Insert Node tags.1

  • 1. As far as I can tell, this will not create recursive calls, however, if you have a problem with a macro using repeat, try to remove the keyword to see if that solves the problem. If so, let me know by

Insert Nodes used as a macro (6.x-1.2)

This module can be used to create macros (as pointed out by one of our user in a Drupal issue.)

The following steps show you how you can create a macro with the Insert Node module.

Create the Macro

First, create a node that is to become the macro. We will call this node macro. It is used without the Insert Node filter so the Insert Node tags do not get changed. This is important since we reference the main node (with the asterisk) and that reference would look like a recursive reference.

One idea is to use the macro as a PayPal button which gets set with parameters from another node. ...

Insert Node Security Considerations

Although the accessibility of the node and comments are checked, it is a good idea to see this module as a security risk giving users a way to display nodes otherwise forbidden to them.

Because a lot of the data is used unfiltered, it is strongly suggest that you pay very close attention to the order of your filters. If you authorize this module to your users (i.e. where they can select an Input filter that includes this specific filter,) then look into checking the HTML code after this filter. Otherwise, a user could inject some unwanted HTML code1

  • 1. Of course, the inclusion of a node should

Insert Node Parameter: cck (6-1.2)

The CCK parameter let you insert one of your CCK field and some node fields that cannot otherwise be added without being themed.

We support CCK fields and several special field names as follow.

Fields that appeared after version 6-1.2 have a version specified between parenthesis (i.e. 6-1.3).

cck=field_<name>; [requires CCK]

The CCK parameter must be followed by a field name. An empty name is likely to generate an error. The name of a field that does not exist is likely to generate nothing.

For instance, if you have a field named see_also, you would write:

   cck=field_see_also;

Insert Node Parameter: comments (6-1.1) [no content]

Attach the comments at the bottom of the node data.

The comments will be shown just as in the regular page (i.e. flat, thread, expanded, collapsed.)

Note that this data is considered a [no content] because it does not affect the use of the "default" parameter. However, it definitively adds content to your output.

CSS Class: div.insert-node-comments

Theme: InsertNode_comments

IMPORTANT NOTES

The comments are appended to anything else that you have inserted. You cannot use the order of your parameters to put the comments in a different location. In order to do that, use multiple